The need for individuals trained in cybersecurity grows exponentially each year.
Cybersecurity needs to be less about defense and more about resilience, which requires more trained professionals.
The recent controversy surrounding the Federal Bureau of Investigation breaking into the iPhone of a San Bernardino mass-shooter, despite the encrypted passcode lock and a refusal by Apple Inc. to help them surpass the security measures has raised many questions and concerns related to cybersecurity.
What role should the government play in the privacy of data? If an exception is made for one phone, does it open the door for other hackers? Does the federal government’s decision to unravel layers of cybersecurity, which Apple claims were created with the sole purpose of guarding our personal information, actually protect us or put us more at risk?
Opinions vary. And while it’s still unclear what long-term effects this immediate event will have on IT protection, it has become obvious that the nature of cybersecurity is changing. There has been a wide-spread feeling of paranoia regarding the threats hackers today present, both on the individual and national level. And these concerns aren’t unfounded. There have been a handful of reports indicating that the occurrence of data breaches and cyberattacks are on the rise, with hackers becoming more sophisticated and aggressive in their activities.
Lack of cybersecurity skills and education a national issue The Bloomberg Government blog recently pointed out that the Obama Administration has upped its plan of action against cyber threats; organizations are “operating under a presumption of breach” and should start, if they have not already, “move from defense to resiliency.” Furthermore, the federal government is taking the risk of hackers and criminals so seriously that it has increased cybersecurity spending by 35 percent, bringing it to $19 billion. “As the number of threats grows, so does the shortage of trained cybersecurity pros.”
But, as the source pointed out, there is also a threat in overspending on safety and protection measures if they are ineffective and that “Ultimately, skill and training are the top commodities for government and business alike.”
In an article for The Wall Street Journal, David Brumley recently coincided with this notion, arguing that, to improve national intelligence protection and fill the shortage of cybersecurity skills, we need to place a stronger emphasis on training and education.
The University of Massachusetts Boston recently revealed that the majority, or 60 percent of colleges, do not have class offerings on the topic of information or network security, Brumley said. That is a concerning statistic, considering the gap in trained cybersecurity talent is getting wider. The source went on to suggest a number of strategies that can be taken to help resolve the issue.
Training today’s professionals for better security
One approach would be to acknowledge that cybersecurity is “a uniquely skilled profession.” Those trained in this specialty aren’t just security professionals because they possess the qualities that allow them operate using both a defensive and offensive mindset. Another recommendation Brumley made was to start embedding cybersecurity into the basic levels of education and make it part of core curriculums.
The volume of security vulnerabilities plaguing businesses today will likely only continue to grow. And there certainly will be no lack of tools and systems that organizations can invest in to help mitigate the risks. However, it is imperative that money is spent on the appropriate, cost-effective resources. As the
above sources pointed out, that will largely be onboarding professionals, or providing further training to existing IT workers, in the cybersecurity arena.
At the National Cybersecurity Institute, we offer a wide range of education programs, training courses and certification preparations, such as the (ISC)2 Certified Information Systems Security Professional (CISSP), that will give students the experience and skills needed to excel in the field of information security.